OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/json/json_writer.h" |
12 #include "base/logging.h" | 13 #include "base/logging.h" |
13 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
14 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
15 #include "content/public/renderer/content_renderer_client.h" | 16 #include "content/public/renderer/content_renderer_client.h" |
16 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 17 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
| 18 #include "content/renderer/webcrypto/webcrypto_util.h" |
17 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 20 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 22 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
21 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 23 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
22 | 24 |
| 25 namespace content { |
| 26 |
23 namespace { | 27 namespace { |
24 | 28 |
25 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 29 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
26 std::vector<uint8> bytes; | 30 std::vector<uint8> bytes; |
27 base::HexStringToBytes(hex, &bytes); | 31 base::HexStringToBytes(hex, &bytes); |
28 return bytes; | 32 return bytes; |
29 } | 33 } |
30 | 34 |
31 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 35 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, |
32 const blink::WebArrayBuffer& array_buffer) { | 36 const blink::WebArrayBuffer& array_buffer) { |
33 EXPECT_STRCASEEQ( | 37 EXPECT_STRCASEEQ( |
34 expected_hex.c_str(), | 38 expected_hex.c_str(), |
35 base::HexEncode( | 39 base::HexEncode(array_buffer.data(), array_buffer.byteLength()).c_str()); |
36 array_buffer.data(), array_buffer.byteLength()).c_str()); | |
37 } | 40 } |
38 | 41 |
39 blink::WebCryptoAlgorithm CreateAlgorithm(blink::WebCryptoAlgorithmId id) { | 42 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
40 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); | 43 return std::vector<uint8>(json_string.begin(), json_string.end()); |
41 } | 44 } |
42 | 45 |
43 blink::WebCryptoAlgorithm CreateHmacAlgorithm( | 46 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
44 blink::WebCryptoAlgorithmId hashId) { | 47 std::string json; |
45 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 48 base::JSONWriter::Write(&dict, &json); |
46 blink::WebCryptoAlgorithmIdHmac, | 49 return MakeJsonVector(json); |
47 new blink::WebCryptoHmacParams(CreateAlgorithm(hashId))); | |
48 } | 50 } |
49 | 51 |
50 blink::WebCryptoAlgorithm CreateHmacKeyAlgorithm( | 52 // Helper for ImportJwkBadJwk; restores JWK JSON dictionary to a good state |
51 blink::WebCryptoAlgorithmId hashId, | 53 void RestoreDictionaryForImportBadJwkTest(base::DictionaryValue* dict) { |
52 unsigned hash_length) { | 54 dict->Clear(); |
53 // hash_length < 0 means unspecified | 55 dict->SetString("kty", "oct"); |
54 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 56 dict->SetString("alg", "A128CBC"); |
55 blink::WebCryptoAlgorithmIdHmac, | 57 dict->SetString("use", "enc"); |
56 new blink::WebCryptoHmacKeyParams(CreateAlgorithm(hashId), | 58 dict->SetBoolean("extractable", false); |
57 (hash_length != 0), | 59 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
58 hash_length)); | |
59 } | 60 } |
60 | |
61 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a | |
62 // convenience function for getting the pointer, and should not be used beyond | |
63 // the expected lifetime of |data|. | |
64 const uint8* Start(const std::vector<uint8>& data) { | |
65 if (data.empty()) | |
66 return NULL; | |
67 return &data[0]; | |
68 } | |
69 | |
70 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | |
71 const std::vector<uint8>& iv) { | |
72 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
73 blink::WebCryptoAlgorithmIdAesCbc, | |
74 new blink::WebCryptoAesCbcParams(Start(iv), iv.size())); | |
75 } | |
76 | |
77 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | |
78 unsigned short key_length_bits) { // NOLINT | |
79 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
80 blink::WebCryptoAlgorithmIdAesCbc, | |
81 new blink::WebCryptoAesKeyGenParams(key_length_bits)); | |
82 } | |
83 | |
84 #if !defined(USE_OPENSSL) | 61 #if !defined(USE_OPENSSL) |
85 | 62 |
86 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( | 63 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( |
87 blink::WebCryptoAlgorithmId algorithm_id, | 64 blink::WebCryptoAlgorithmId algorithm_id, |
88 unsigned modulus_length, | 65 unsigned modulus_length, |
89 const std::vector<uint8>& public_exponent) { | 66 const std::vector<uint8>& public_exponent) { |
90 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 67 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
91 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 68 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
92 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 69 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
93 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 70 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
94 algorithm_id, | 71 algorithm_id, |
95 new blink::WebCryptoRsaKeyGenParams( | 72 new blink::WebCryptoRsaKeyGenParams( |
96 modulus_length, Start(public_exponent), public_exponent.size())); | 73 modulus_length, |
| 74 webcrypto::Uint8VectorStart(public_exponent), |
| 75 public_exponent.size())); |
97 } | 76 } |
98 | 77 |
99 #endif // #if !defined(USE_OPENSSL) | 78 #endif // #if !defined(USE_OPENSSL) |
100 | 79 |
101 } // namespace | 80 } // namespace |
102 | 81 |
103 namespace content { | |
104 | |
105 class WebCryptoImplTest : public testing::Test { | 82 class WebCryptoImplTest : public testing::Test { |
106 protected: | 83 protected: |
107 blink::WebCryptoKey ImportSecretKeyFromRawHexString( | 84 blink::WebCryptoKey ImportSecretKeyFromRawHexString( |
108 const std::string& key_hex, | 85 const std::string& key_hex, |
109 const blink::WebCryptoAlgorithm& algorithm, | 86 const blink::WebCryptoAlgorithm& algorithm, |
110 blink::WebCryptoKeyUsageMask usage) { | 87 blink::WebCryptoKeyUsageMask usage) { |
111 std::vector<uint8> key_raw = HexStringToBytes(key_hex); | 88 std::vector<uint8> key_raw = HexStringToBytes(key_hex); |
112 | 89 |
113 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 90 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
114 bool extractable = true; | 91 bool extractable = true; |
115 EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 92 EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
116 Start(key_raw), | 93 webcrypto::Uint8VectorStart(key_raw), |
117 key_raw.size(), | 94 key_raw.size(), |
118 algorithm, | 95 algorithm, |
119 extractable, | 96 extractable, |
120 usage, | 97 usage, |
121 &key)); | 98 &key)); |
122 | 99 |
123 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 100 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
124 EXPECT_FALSE(key.isNull()); | 101 EXPECT_FALSE(key.isNull()); |
125 EXPECT_TRUE(key.handle()); | 102 EXPECT_TRUE(key.handle()); |
126 return key; | 103 return key; |
127 } | 104 } |
128 | 105 |
129 // Forwarding methods to gain access to protected methods of | 106 // Forwarding methods to gain access to protected methods of |
130 // WebCryptoImpl. | 107 // WebCryptoImpl. |
131 | 108 |
132 bool DigestInternal( | 109 bool DigestInternal( |
133 const blink::WebCryptoAlgorithm& algorithm, | 110 const blink::WebCryptoAlgorithm& algorithm, |
134 const std::vector<uint8>& data, | 111 const std::vector<uint8>& data, |
135 blink::WebArrayBuffer* buffer) { | 112 blink::WebArrayBuffer* buffer) { |
136 return crypto_.DigestInternal(algorithm, Start(data), data.size(), buffer); | 113 return crypto_.DigestInternal( |
| 114 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
137 } | 115 } |
138 | 116 |
139 bool GenerateKeyInternal( | 117 bool GenerateKeyInternal( |
140 const blink::WebCryptoAlgorithm& algorithm, | 118 const blink::WebCryptoAlgorithm& algorithm, |
141 blink::WebCryptoKey* key) { | 119 blink::WebCryptoKey* key) { |
142 bool extractable = true; | 120 bool extractable = true; |
143 blink::WebCryptoKeyUsageMask usage_mask = 0; | 121 blink::WebCryptoKeyUsageMask usage_mask = 0; |
144 return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key); | 122 return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key); |
145 } | 123 } |
146 | 124 |
147 bool GenerateKeyPairInternal( | 125 bool GenerateKeyPairInternal( |
148 const blink::WebCryptoAlgorithm& algorithm, | 126 const blink::WebCryptoAlgorithm& algorithm, |
149 bool extractable, | 127 bool extractable, |
150 blink::WebCryptoKeyUsageMask usage_mask, | 128 blink::WebCryptoKeyUsageMask usage_mask, |
151 blink::WebCryptoKey* public_key, | 129 blink::WebCryptoKey* public_key, |
152 blink::WebCryptoKey* private_key) { | 130 blink::WebCryptoKey* private_key) { |
153 return crypto_.GenerateKeyPairInternal( | 131 return crypto_.GenerateKeyPairInternal( |
154 algorithm, extractable, usage_mask, public_key, private_key); | 132 algorithm, extractable, usage_mask, public_key, private_key); |
155 } | 133 } |
156 | 134 |
157 bool ImportKeyInternal( | 135 bool ImportKeyInternal( |
158 blink::WebCryptoKeyFormat format, | 136 blink::WebCryptoKeyFormat format, |
159 const std::vector<uint8>& key_data, | 137 const std::vector<uint8>& key_data, |
160 const blink::WebCryptoAlgorithm& algorithm, | 138 const blink::WebCryptoAlgorithm& algorithm, |
161 bool extractable, | 139 bool extractable, |
162 blink::WebCryptoKeyUsageMask usage_mask, | 140 blink::WebCryptoKeyUsageMask usage_mask, |
163 blink::WebCryptoKey* key) { | 141 blink::WebCryptoKey* key) { |
164 return crypto_.ImportKeyInternal(format, | 142 return crypto_.ImportKeyInternal(format, |
165 Start(key_data), | 143 webcrypto::Uint8VectorStart(key_data), |
166 key_data.size(), | 144 key_data.size(), |
167 algorithm, | 145 algorithm, |
168 extractable, | 146 extractable, |
169 usage_mask, | 147 usage_mask, |
170 key); | 148 key); |
171 } | 149 } |
172 | 150 |
173 bool ExportKeyInternal( | 151 bool ExportKeyInternal( |
174 blink::WebCryptoKeyFormat format, | 152 blink::WebCryptoKeyFormat format, |
175 const blink::WebCryptoKey& key, | 153 const blink::WebCryptoKey& key, |
176 blink::WebArrayBuffer* buffer) { | 154 blink::WebArrayBuffer* buffer) { |
177 return crypto_.ExportKeyInternal(format, key, buffer); | 155 return crypto_.ExportKeyInternal(format, key, buffer); |
178 } | 156 } |
179 | 157 |
180 bool SignInternal( | 158 bool SignInternal( |
181 const blink::WebCryptoAlgorithm& algorithm, | 159 const blink::WebCryptoAlgorithm& algorithm, |
182 const blink::WebCryptoKey& key, | 160 const blink::WebCryptoKey& key, |
183 const std::vector<uint8>& data, | 161 const std::vector<uint8>& data, |
184 blink::WebArrayBuffer* buffer) { | 162 blink::WebArrayBuffer* buffer) { |
185 return crypto_.SignInternal( | 163 return crypto_.SignInternal( |
186 algorithm, key, Start(data), data.size(), buffer); | 164 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
187 } | 165 } |
188 | 166 |
189 bool VerifySignatureInternal( | 167 bool VerifySignatureInternal( |
190 const blink::WebCryptoAlgorithm& algorithm, | 168 const blink::WebCryptoAlgorithm& algorithm, |
191 const blink::WebCryptoKey& key, | 169 const blink::WebCryptoKey& key, |
192 const unsigned char* signature, | 170 const unsigned char* signature, |
193 unsigned signature_size, | 171 unsigned signature_size, |
194 const std::vector<uint8>& data, | 172 const std::vector<uint8>& data, |
195 bool* signature_match) { | 173 bool* signature_match) { |
196 return crypto_.VerifySignatureInternal(algorithm, | 174 return crypto_.VerifySignatureInternal(algorithm, |
197 key, | 175 key, |
198 signature, | 176 signature, |
199 signature_size, | 177 signature_size, |
200 Start(data), | 178 webcrypto::Uint8VectorStart(data), |
201 data.size(), | 179 data.size(), |
202 signature_match); | 180 signature_match); |
203 } | 181 } |
204 | 182 |
205 bool EncryptInternal( | 183 bool EncryptInternal( |
206 const blink::WebCryptoAlgorithm& algorithm, | 184 const blink::WebCryptoAlgorithm& algorithm, |
207 const blink::WebCryptoKey& key, | 185 const blink::WebCryptoKey& key, |
208 const unsigned char* data, | 186 const unsigned char* data, |
209 unsigned data_size, | 187 unsigned data_size, |
210 blink::WebArrayBuffer* buffer) { | 188 blink::WebArrayBuffer* buffer) { |
211 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); | 189 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); |
212 } | 190 } |
213 | 191 |
214 bool EncryptInternal( | 192 bool EncryptInternal( |
215 const blink::WebCryptoAlgorithm& algorithm, | 193 const blink::WebCryptoAlgorithm& algorithm, |
216 const blink::WebCryptoKey& key, | 194 const blink::WebCryptoKey& key, |
217 const std::vector<uint8>& data, | 195 const std::vector<uint8>& data, |
218 blink::WebArrayBuffer* buffer) { | 196 blink::WebArrayBuffer* buffer) { |
219 return crypto_.EncryptInternal( | 197 return crypto_.EncryptInternal( |
220 algorithm, key, Start(data), data.size(), buffer); | 198 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
221 } | 199 } |
222 | 200 |
223 bool DecryptInternal( | 201 bool DecryptInternal( |
224 const blink::WebCryptoAlgorithm& algorithm, | 202 const blink::WebCryptoAlgorithm& algorithm, |
225 const blink::WebCryptoKey& key, | 203 const blink::WebCryptoKey& key, |
226 const unsigned char* data, | 204 const unsigned char* data, |
227 unsigned data_size, | 205 unsigned data_size, |
228 blink::WebArrayBuffer* buffer) { | 206 blink::WebArrayBuffer* buffer) { |
229 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); | 207 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); |
230 } | 208 } |
231 | 209 |
232 bool DecryptInternal( | 210 bool DecryptInternal( |
233 const blink::WebCryptoAlgorithm& algorithm, | 211 const blink::WebCryptoAlgorithm& algorithm, |
234 const blink::WebCryptoKey& key, | 212 const blink::WebCryptoKey& key, |
235 const std::vector<uint8>& data, | 213 const std::vector<uint8>& data, |
236 blink::WebArrayBuffer* buffer) { | 214 blink::WebArrayBuffer* buffer) { |
237 return crypto_.DecryptInternal( | 215 return crypto_.DecryptInternal( |
238 algorithm, key, Start(data), data.size(), buffer); | 216 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
| 217 } |
| 218 |
| 219 bool ImportKeyJwk( |
| 220 const std::vector<uint8>& key_data, |
| 221 const blink::WebCryptoAlgorithm& algorithm, |
| 222 bool extractable, |
| 223 blink::WebCryptoKeyUsageMask usage_mask, |
| 224 blink::WebCryptoKey* key) { |
| 225 return crypto_.ImportKeyJwk(webcrypto::Uint8VectorStart(key_data), |
| 226 key_data.size(), |
| 227 algorithm, |
| 228 extractable, |
| 229 usage_mask, |
| 230 key); |
239 } | 231 } |
240 | 232 |
241 private: | 233 private: |
242 WebCryptoImpl crypto_; | 234 WebCryptoImpl crypto_; |
243 }; | 235 }; |
244 | 236 |
245 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 237 TEST_F(WebCryptoImplTest, DigestSampleSets) { |
246 // The results are stored here in hex format for readability. | 238 // The results are stored here in hex format for readability. |
247 // | 239 // |
248 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced | 240 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
307 "2f3831bccc94cf061bcfa5f8c23c1429d26e3bc6b76edad93d9025cb91c903af6cf9" | 299 "2f3831bccc94cf061bcfa5f8c23c1429d26e3bc6b76edad93d9025cb91c903af6cf9" |
308 "c935dc37193c04c2c66e7d9de17c358284418218afea2160147aaa912f4c", | 300 "c935dc37193c04c2c66e7d9de17c358284418218afea2160147aaa912f4c", |
309 }, | 301 }, |
310 }; | 302 }; |
311 | 303 |
312 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | 304 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); |
313 ++test_index) { | 305 ++test_index) { |
314 SCOPED_TRACE(test_index); | 306 SCOPED_TRACE(test_index); |
315 const TestCase& test = kTests[test_index]; | 307 const TestCase& test = kTests[test_index]; |
316 | 308 |
317 blink::WebCryptoAlgorithm algorithm = CreateAlgorithm(test.algorithm); | 309 blink::WebCryptoAlgorithm algorithm = |
| 310 webcrypto::CreateAlgorithm(test.algorithm); |
318 std::vector<uint8> input = HexStringToBytes(test.hex_input); | 311 std::vector<uint8> input = HexStringToBytes(test.hex_input); |
319 | 312 |
320 blink::WebArrayBuffer output; | 313 blink::WebArrayBuffer output; |
321 ASSERT_TRUE(DigestInternal(algorithm, input, &output)); | 314 ASSERT_TRUE(DigestInternal(algorithm, input, &output)); |
322 ExpectArrayBufferMatchesHex(test.hex_result, output); | 315 ExpectArrayBufferMatchesHex(test.hex_result, output); |
323 } | 316 } |
324 } | 317 } |
325 | 318 |
326 TEST_F(WebCryptoImplTest, HMACSampleSets) { | 319 TEST_F(WebCryptoImplTest, HMACSampleSets) { |
327 struct TestCase { | 320 struct TestCase { |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
409 // mac | 402 // mac |
410 "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b", | 403 "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b", |
411 }, | 404 }, |
412 }; | 405 }; |
413 | 406 |
414 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | 407 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); |
415 ++test_index) { | 408 ++test_index) { |
416 SCOPED_TRACE(test_index); | 409 SCOPED_TRACE(test_index); |
417 const TestCase& test = kTests[test_index]; | 410 const TestCase& test = kTests[test_index]; |
418 | 411 |
419 blink::WebCryptoAlgorithm algorithm = CreateHmacAlgorithm(test.algorithm); | 412 blink::WebCryptoAlgorithm algorithm = |
| 413 webcrypto::CreateHmacAlgorithmByHashId(test.algorithm); |
420 | 414 |
421 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 415 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
422 test.key, algorithm, blink::WebCryptoKeyUsageSign); | 416 test.key, algorithm, blink::WebCryptoKeyUsageSign); |
423 | 417 |
424 std::vector<uint8> message_raw = HexStringToBytes(test.message); | 418 std::vector<uint8> message_raw = HexStringToBytes(test.message); |
425 | 419 |
426 blink::WebArrayBuffer output; | 420 blink::WebArrayBuffer output; |
427 | 421 |
428 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); | 422 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); |
429 | 423 |
(...skipping 25 matching lines...) Expand all Loading... |
455 algorithm, | 449 algorithm, |
456 key, | 450 key, |
457 kLongSignature, | 451 kLongSignature, |
458 sizeof(kLongSignature), | 452 sizeof(kLongSignature), |
459 message_raw, | 453 message_raw, |
460 &signature_match)); | 454 &signature_match)); |
461 EXPECT_FALSE(signature_match); | 455 EXPECT_FALSE(signature_match); |
462 } | 456 } |
463 } | 457 } |
464 | 458 |
| 459 #if !defined(USE_OPENSSL) |
| 460 |
465 TEST_F(WebCryptoImplTest, AesCbcFailures) { | 461 TEST_F(WebCryptoImplTest, AesCbcFailures) { |
466 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 462 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
467 "2b7e151628aed2a6abf7158809cf4f3c", | 463 "2b7e151628aed2a6abf7158809cf4f3c", |
468 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 464 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
469 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 465 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
470 | 466 |
471 blink::WebArrayBuffer output; | 467 blink::WebArrayBuffer output; |
472 | 468 |
473 // Use an invalid |iv| (fewer than 16 bytes) | 469 // Use an invalid |iv| (fewer than 16 bytes) |
474 { | 470 { |
475 std::vector<uint8> input(32); | 471 std::vector<uint8> input(32); |
476 std::vector<uint8> iv; | 472 std::vector<uint8> iv; |
477 EXPECT_FALSE( | 473 EXPECT_FALSE(EncryptInternal( |
478 EncryptInternal(CreateAesCbcAlgorithm(iv), key, input, &output)); | 474 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
479 EXPECT_FALSE( | 475 EXPECT_FALSE(DecryptInternal( |
480 DecryptInternal(CreateAesCbcAlgorithm(iv), key, input, &output)); | 476 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
481 } | 477 } |
482 | 478 |
483 // Use an invalid |iv| (more than 16 bytes) | 479 // Use an invalid |iv| (more than 16 bytes) |
484 { | 480 { |
485 std::vector<uint8> input(32); | 481 std::vector<uint8> input(32); |
486 std::vector<uint8> iv(17); | 482 std::vector<uint8> iv(17); |
487 EXPECT_FALSE( | 483 EXPECT_FALSE(EncryptInternal( |
488 EncryptInternal(CreateAesCbcAlgorithm(iv), key, input, &output)); | 484 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
489 EXPECT_FALSE( | 485 EXPECT_FALSE(DecryptInternal( |
490 DecryptInternal(CreateAesCbcAlgorithm(iv), key, input, &output)); | 486 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
491 } | 487 } |
492 | 488 |
493 // Give an input that is too large (would cause integer overflow when | 489 // Give an input that is too large (would cause integer overflow when |
494 // narrowing to an int). | 490 // narrowing to an int). |
495 { | 491 { |
496 std::vector<uint8> iv(16); | 492 std::vector<uint8> iv(16); |
497 | 493 |
498 // Pretend the input is large. Don't pass data pointer as NULL in case that | 494 // Pretend the input is large. Don't pass data pointer as NULL in case that |
499 // is special cased; the implementation shouldn't actually dereference the | 495 // is special cased; the implementation shouldn't actually dereference the |
500 // data. | 496 // data. |
501 const unsigned char* input = &iv[0]; | 497 const unsigned char* input = &iv[0]; |
502 unsigned input_len = INT_MAX - 3; | 498 unsigned input_len = INT_MAX - 3; |
503 | 499 |
504 EXPECT_FALSE(EncryptInternal( | 500 EXPECT_FALSE(EncryptInternal( |
505 CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 501 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); |
506 EXPECT_FALSE(DecryptInternal( | 502 EXPECT_FALSE(DecryptInternal( |
507 CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 503 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); |
508 } | 504 } |
509 | 505 |
510 // Fail importing the key (too few bytes specified) | 506 // Fail importing the key (too few bytes specified) |
511 { | 507 { |
512 std::vector<uint8> key_raw(1); | 508 std::vector<uint8> key_raw(1); |
513 std::vector<uint8> iv(16); | 509 std::vector<uint8> iv(16); |
514 | 510 |
515 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 511 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
516 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 512 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
517 key_raw, | 513 key_raw, |
518 CreateAesCbcAlgorithm(iv), | 514 webcrypto::CreateAesCbcAlgorithm(iv), |
519 true, | 515 true, |
520 blink::WebCryptoKeyUsageEncrypt, | 516 blink::WebCryptoKeyUsageEncrypt, |
521 &key)); | 517 &key)); |
522 } | 518 } |
523 | 519 |
524 // Fail exporting the key in SPKI format (SPKI export not allowed for secret | 520 // Fail exporting the key in SPKI format (SPKI export not allowed for secret |
525 // keys) | 521 // keys) |
526 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 522 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
527 } | 523 } |
528 | 524 |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
603 "8518b8878d34e7185e300d0fcc426396" | 599 "8518b8878d34e7185e300d0fcc426396" |
604 }, | 600 }, |
605 }; | 601 }; |
606 | 602 |
607 for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) { | 603 for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) { |
608 SCOPED_TRACE(index); | 604 SCOPED_TRACE(index); |
609 const TestCase& test = kTests[index]; | 605 const TestCase& test = kTests[index]; |
610 | 606 |
611 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 607 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
612 test.key, | 608 test.key, |
613 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 609 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
614 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 610 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
615 | 611 |
616 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); | 612 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); |
617 std::vector<uint8> iv = HexStringToBytes(test.iv); | 613 std::vector<uint8> iv = HexStringToBytes(test.iv); |
618 | 614 |
619 blink::WebArrayBuffer output; | 615 blink::WebArrayBuffer output; |
620 | 616 |
621 // Test encryption. | 617 // Test encryption. |
622 EXPECT_TRUE(EncryptInternal(CreateAesCbcAlgorithm(iv), | 618 EXPECT_TRUE(EncryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
623 key, | 619 key, |
624 plain_text, | 620 plain_text, |
625 &output)); | 621 &output)); |
626 ExpectArrayBufferMatchesHex(test.cipher_text, output); | 622 ExpectArrayBufferMatchesHex(test.cipher_text, output); |
627 | 623 |
628 // Test decryption. | 624 // Test decryption. |
629 std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text); | 625 std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text); |
630 EXPECT_TRUE(DecryptInternal(CreateAesCbcAlgorithm(iv), | 626 EXPECT_TRUE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
631 key, | 627 key, |
632 cipher_text, | 628 cipher_text, |
633 &output)); | 629 &output)); |
634 ExpectArrayBufferMatchesHex(test.plain_text, output); | 630 ExpectArrayBufferMatchesHex(test.plain_text, output); |
635 | 631 |
636 const unsigned kAesCbcBlockSize = 16; | 632 const unsigned kAesCbcBlockSize = 16; |
637 | 633 |
638 // Decrypt with a padding error by stripping the last block. This also ends | 634 // Decrypt with a padding error by stripping the last block. This also ends |
639 // up testing decryption over empty cipher text. | 635 // up testing decryption over empty cipher text. |
640 if (cipher_text.size() >= kAesCbcBlockSize) { | 636 if (cipher_text.size() >= kAesCbcBlockSize) { |
641 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), | 637 EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
642 key, | 638 key, |
643 &cipher_text[0], | 639 &cipher_text[0], |
644 cipher_text.size() - kAesCbcBlockSize, | 640 cipher_text.size() - kAesCbcBlockSize, |
645 &output)); | 641 &output)); |
646 } | 642 } |
647 | 643 |
648 // Decrypt cipher text which is not a multiple of block size by stripping | 644 // Decrypt cipher text which is not a multiple of block size by stripping |
649 // a few bytes off the cipher text. | 645 // a few bytes off the cipher text. |
650 if (cipher_text.size() > 3) { | 646 if (cipher_text.size() > 3) { |
651 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), | 647 EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
652 key, | 648 key, |
653 &cipher_text[0], | 649 &cipher_text[0], |
654 cipher_text.size() - 3, | 650 cipher_text.size() - 3, |
655 &output)); | 651 &output)); |
656 } | 652 } |
657 } | 653 } |
658 } | 654 } |
659 | 655 |
660 // TODO(padolph): Add test to verify generated symmetric keys appear random. | 656 // TODO(padolph): Add test to verify generated symmetric keys appear random. |
661 | 657 |
662 TEST_F(WebCryptoImplTest, GenerateKeyAes) { | 658 TEST_F(WebCryptoImplTest, GenerateKeyAes) { |
663 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 659 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
664 ASSERT_TRUE(GenerateKeyInternal(CreateAesCbcAlgorithm(128), &key)); | 660 ASSERT_TRUE( |
| 661 GenerateKeyInternal(webcrypto::CreateAesCbcKeyGenAlgorithm(128), &key)); |
665 EXPECT_TRUE(key.handle()); | 662 EXPECT_TRUE(key.handle()); |
666 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 663 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
667 } | 664 } |
668 | 665 |
669 TEST_F(WebCryptoImplTest, GenerateKeyAesBadLength) { | 666 TEST_F(WebCryptoImplTest, GenerateKeyAesBadLength) { |
670 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 667 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
671 EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(0), &key)); | 668 EXPECT_FALSE( |
672 EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(129), &key)); | 669 GenerateKeyInternal(webcrypto::CreateAesCbcKeyGenAlgorithm(0), &key)); |
| 670 EXPECT_FALSE( |
| 671 GenerateKeyInternal(webcrypto::CreateAesCbcKeyGenAlgorithm(0), &key)); |
| 672 EXPECT_FALSE( |
| 673 GenerateKeyInternal(webcrypto::CreateAesCbcKeyGenAlgorithm(129), &key)); |
673 } | 674 } |
674 | 675 |
675 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { | 676 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { |
676 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 677 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
677 blink::WebCryptoAlgorithm algorithm = | 678 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateHmacKeyGenAlgorithm( |
678 CreateHmacKeyAlgorithm(blink::WebCryptoAlgorithmIdSha1, 128); | 679 blink::WebCryptoAlgorithmIdSha1, 128); |
679 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 680 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); |
680 EXPECT_FALSE(key.isNull()); | 681 EXPECT_FALSE(key.isNull()); |
681 EXPECT_TRUE(key.handle()); | 682 EXPECT_TRUE(key.handle()); |
682 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 683 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
683 } | 684 } |
684 | 685 |
685 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) { | 686 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) { |
686 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 687 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
687 blink::WebCryptoAlgorithm algorithm = | 688 blink::WebCryptoAlgorithm algorithm = |
688 CreateHmacKeyAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 689 webcrypto::CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
689 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 690 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); |
690 EXPECT_TRUE(key.handle()); | 691 EXPECT_TRUE(key.handle()); |
691 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 692 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
692 } | 693 } |
693 | 694 |
694 TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) { | 695 TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) { |
695 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 696 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
696 | 697 |
697 // This fails because the algorithm is null. | 698 // This fails because the algorithm is null. |
698 EXPECT_FALSE(ImportKeyInternal( | 699 EXPECT_FALSE(ImportKeyInternal( |
699 blink::WebCryptoKeyFormatRaw, | 700 blink::WebCryptoKeyFormatRaw, |
700 HexStringToBytes("00000000000000000000"), | 701 HexStringToBytes("00000000000000000000"), |
701 blink::WebCryptoAlgorithm::createNull(), | 702 blink::WebCryptoAlgorithm::createNull(), |
702 true, | 703 true, |
703 blink::WebCryptoKeyUsageEncrypt, | 704 blink::WebCryptoKeyUsageEncrypt, |
704 &key)); | 705 &key)); |
705 } | 706 } |
706 | 707 |
| 708 #endif //#if !defined(USE_OPENSSL) |
| 709 |
| 710 TEST_F(WebCryptoImplTest, ImportJwkBadJwk) { |
| 711 |
| 712 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 713 blink::WebCryptoAlgorithm algorithm = |
| 714 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
| 715 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
| 716 |
| 717 // Baseline pass: each test below breaks a single item, so we start with a |
| 718 // passing case to make sure each failure is caused by the isolated break. |
| 719 // Each breaking subtest below resets the dictionary to this passing case when |
| 720 // complete. |
| 721 base::DictionaryValue dict; |
| 722 RestoreDictionaryForImportBadJwkTest(&dict); |
| 723 std::vector<uint8> json_vec = MakeJsonVector(dict); |
| 724 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 725 |
| 726 // Fail on empty JSON. |
| 727 EXPECT_FALSE( |
| 728 ImportKeyJwk(MakeJsonVector(""), algorithm, false, usage_mask, &key)); |
| 729 |
| 730 // Fail on invalid JSON. |
| 731 const std::vector<uint8> bad_json_vec = MakeJsonVector( |
| 732 "{" |
| 733 "\"kty\" : \"oct\"," |
| 734 "\"alg\" : \"HS256\"," |
| 735 "\"use\" : " |
| 736 ); |
| 737 EXPECT_FALSE(ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); |
| 738 |
| 739 // Fail on JWK alg present but unrecognized. |
| 740 dict.SetString("alg", "A127CBC"); |
| 741 json_vec = MakeJsonVector(dict); |
| 742 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 743 RestoreDictionaryForImportBadJwkTest(&dict); |
| 744 |
| 745 // Fail on both JWK and input algorithm missing. |
| 746 dict.Remove("alg", NULL); |
| 747 json_vec = MakeJsonVector(dict); |
| 748 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 749 blink::WebCryptoAlgorithm::createNull(), |
| 750 false, |
| 751 usage_mask, |
| 752 &key)); |
| 753 RestoreDictionaryForImportBadJwkTest(&dict); |
| 754 |
| 755 // Fail on invalid kty. |
| 756 dict.SetString("kty", "foo"); |
| 757 json_vec = MakeJsonVector(dict); |
| 758 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 759 RestoreDictionaryForImportBadJwkTest(&dict); |
| 760 |
| 761 // Fail on missing kty. |
| 762 dict.Remove("kty", NULL); |
| 763 json_vec = MakeJsonVector(dict); |
| 764 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 765 RestoreDictionaryForImportBadJwkTest(&dict); |
| 766 |
| 767 // Fail on invalid use. |
| 768 dict.SetString("use", "foo"); |
| 769 json_vec = MakeJsonVector(dict); |
| 770 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 771 RestoreDictionaryForImportBadJwkTest(&dict); |
| 772 |
| 773 // Fail on missing k when kty = "oct". |
| 774 dict.Remove("k", NULL); |
| 775 json_vec = MakeJsonVector(dict); |
| 776 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 777 RestoreDictionaryForImportBadJwkTest(&dict); |
| 778 |
| 779 // Fail on bad b64 encoding for k. |
| 780 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); |
| 781 json_vec = MakeJsonVector(dict); |
| 782 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 783 RestoreDictionaryForImportBadJwkTest(&dict); |
| 784 |
| 785 // Fail on empty k. |
| 786 dict.SetString("k", ""); |
| 787 json_vec = MakeJsonVector(dict); |
| 788 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 789 RestoreDictionaryForImportBadJwkTest(&dict); |
| 790 |
| 791 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
| 792 // value (128) for an AES key. |
| 793 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
| 794 json_vec = MakeJsonVector(dict); |
| 795 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 796 RestoreDictionaryForImportBadJwkTest(&dict); |
| 797 |
| 798 // TODO(padolph) RSA public key bad data: |
| 799 // Missing n or e when kty = "RSA" |
| 800 // Bad encoding for n or e |
| 801 // Size check on n?? |
| 802 // Value check on e?? |
| 803 } |
| 804 |
| 805 TEST_F(WebCryptoImplTest, ImportJwkInputConsistency) { |
| 806 // The Web Crypto spec says that if a JWK value is present, but is |
| 807 // inconsistent with the input value, the operation must fail. |
| 808 |
| 809 // Consistency rules when JWK value is not present: Inputs should be used. |
| 810 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 811 bool extractable = false; |
| 812 blink::WebCryptoAlgorithm algorithm = |
| 813 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
| 814 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; |
| 815 base::DictionaryValue dict; |
| 816 dict.SetString("kty", "oct"); |
| 817 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 818 std::vector<uint8> json_vec = MakeJsonVector(dict); |
| 819 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
| 820 EXPECT_TRUE(key.handle()); |
| 821 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
| 822 EXPECT_EQ(extractable, key.extractable()); |
| 823 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
| 824 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 825 key.algorithm().hmacParams()->hash().id()); |
| 826 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
| 827 key = blink::WebCryptoKey::createNull(); |
| 828 |
| 829 // Consistency rules when JWK value exists: Fail if inconsistency is found. |
| 830 |
| 831 // Pass: All input values are consistent with the JWK values. |
| 832 dict.Clear(); |
| 833 dict.SetString("kty", "oct"); |
| 834 dict.SetString("alg", "HS256"); |
| 835 dict.SetString("use", "sig"); |
| 836 dict.SetBoolean("extractable", false); |
| 837 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 838 json_vec = MakeJsonVector(dict); |
| 839 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
| 840 |
| 841 // Extractable cases: |
| 842 // 1. input=T, JWK=F ==> fail (inconsistent) |
| 843 // 4. input=F, JWK=F ==> pass, result extractable is F |
| 844 // 2. input=T, JWK=T ==> pass, result extractable is T |
| 845 // 3. input=F, JWK=T ==> pass, result extractable is F |
| 846 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); |
| 847 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
| 848 EXPECT_FALSE(key.extractable()); |
| 849 dict.SetBoolean("extractable", true); |
| 850 EXPECT_TRUE( |
| 851 ImportKeyJwk(MakeJsonVector(dict), algorithm, true, usage_mask, &key)); |
| 852 EXPECT_TRUE(key.extractable()); |
| 853 EXPECT_TRUE( |
| 854 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
| 855 EXPECT_FALSE(key.extractable()); |
| 856 dict.SetBoolean("extractable", true); // restore previous value |
| 857 |
| 858 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
| 859 // (HMAC SHA256). |
| 860 EXPECT_FALSE(ImportKeyJwk( |
| 861 json_vec, |
| 862 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 863 extractable, |
| 864 usage_mask, |
| 865 &key)); |
| 866 |
| 867 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
| 868 // (HMAC SHA256). |
| 869 EXPECT_FALSE(ImportKeyJwk( |
| 870 json_vec, |
| 871 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), |
| 872 extractable, |
| 873 usage_mask, |
| 874 &key)); |
| 875 |
| 876 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. |
| 877 EXPECT_TRUE(ImportKeyJwk(json_vec, |
| 878 blink::WebCryptoAlgorithm::createNull(), |
| 879 extractable, |
| 880 usage_mask, |
| 881 &key)); |
| 882 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
| 883 |
| 884 // Pass: JWK alg missing but input algorithm specified: use input value |
| 885 dict.Remove("alg", NULL); |
| 886 EXPECT_TRUE(ImportKeyJwk( |
| 887 MakeJsonVector(dict), |
| 888 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), |
| 889 extractable, |
| 890 usage_mask, |
| 891 &key)); |
| 892 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
| 893 dict.SetString("alg", "HS256"); |
| 894 |
| 895 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
| 896 // (sign|verify) |
| 897 EXPECT_FALSE(ImportKeyJwk( |
| 898 json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); |
| 899 |
| 900 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
| 901 // value (sign|verify) |
| 902 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | |
| 903 blink::WebCryptoKeyUsageVerify; |
| 904 EXPECT_FALSE( |
| 905 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
| 906 usage_mask = blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
| 907 } |
| 908 |
| 909 TEST_F(WebCryptoImplTest, ImportJwkHappy) { |
| 910 |
| 911 // This test verifies the happy path of JWK import, including the application |
| 912 // of the imported key material. |
| 913 |
| 914 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 915 bool extractable = false; |
| 916 blink::WebCryptoAlgorithm algorithm = |
| 917 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
| 918 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; |
| 919 |
| 920 // Import a symmetric key JWK and HMAC-SHA256 sign() |
| 921 // Uses the first SHA256 test vector from the HMAC sample set above. |
| 922 |
| 923 base::DictionaryValue dict; |
| 924 dict.SetString("kty", "oct"); |
| 925 dict.SetString("alg", "HS256"); |
| 926 dict.SetString("use", "sig"); |
| 927 dict.SetBoolean("extractable", false); |
| 928 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 929 std::vector<uint8> json_vec = MakeJsonVector(dict); |
| 930 |
| 931 ASSERT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
| 932 |
| 933 const std::vector<uint8> message_raw = HexStringToBytes( |
| 934 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
| 935 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
| 936 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
| 937 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
| 938 |
| 939 blink::WebArrayBuffer output; |
| 940 |
| 941 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); |
| 942 |
| 943 const std::string mac_raw = |
| 944 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
| 945 |
| 946 ExpectArrayBufferMatchesHex(mac_raw, output); |
| 947 |
| 948 // TODO(padolph) |
| 949 // Import an RSA public key JWK and use it |
| 950 } |
| 951 |
707 #if !defined(USE_OPENSSL) | 952 #if !defined(USE_OPENSSL) |
708 | 953 |
709 TEST_F(WebCryptoImplTest, ImportExportSpki) { | 954 TEST_F(WebCryptoImplTest, ImportExportSpki) { |
710 // openssl genrsa -out pair.pem 2048 | 955 // openssl genrsa -out pair.pem 2048 |
711 // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout | 956 // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout |
712 // xxd -p pubkey.der | 957 // xxd -p pubkey.der |
713 const std::string hex_rsa_spki_der = | 958 const std::string hex_rsa_spki_der = |
714 "30820122300d06092a864886f70d01010105000382010f003082010a0282" | 959 "30820122300d06092a864886f70d01010105000382010f003082010a0282" |
715 "010100f19e40f94e3780858701577a571cca000cb9795db89ddf8e98ab0e" | 960 "010100f19e40f94e3780858701577a571cca000cb9795db89ddf8e98ab0e" |
716 "5eecfa47516cb08dc591cae5ab7fa43d6db402e95991d4a2de52e7cd3a66" | 961 "5eecfa47516cb08dc591cae5ab7fa43d6db402e95991d4a2de52e7cd3a66" |
717 "4f58284be2eb4675d5a849a2582c585d2b3c6c225a8f2c53a0414d5dbd06" | 962 "4f58284be2eb4675d5a849a2582c585d2b3c6c225a8f2c53a0414d5dbd06" |
718 "172371cefdf953e9ec3000fc9ad000743023f74e82d12aa93917a2c9b832" | 963 "172371cefdf953e9ec3000fc9ad000743023f74e82d12aa93917a2c9b832" |
719 "696085ee0711154cf98a6d098f44cee00ea3b7584236503a5483ba8b6792" | 964 "696085ee0711154cf98a6d098f44cee00ea3b7584236503a5483ba8b6792" |
720 "fee588d1a8f4a0618333c4cb3447d760b43d5a0d9ed6ef79763df670cd8b" | 965 "fee588d1a8f4a0618333c4cb3447d760b43d5a0d9ed6ef79763df670cd8b" |
721 "5eb869a20833f1e3e6d8b88240a5d4335c73fd20487f2a7d112af8692357" | 966 "5eb869a20833f1e3e6d8b88240a5d4335c73fd20487f2a7d112af8692357" |
722 "6425e44a273e5ad2e93d6b50a28e65f9e133958e4f0c7d12e0adc90fedd4" | 967 "6425e44a273e5ad2e93d6b50a28e65f9e133958e4f0c7d12e0adc90fedd4" |
723 "f6b6848e7b6900666642a08b520a6534a35d4f0203010001"; | 968 "f6b6848e7b6900666642a08b520a6534a35d4f0203010001"; |
724 | 969 |
725 // Passing case: Import a valid RSA key in SPKI format. | 970 // Passing case: Import a valid RSA key in SPKI format. |
726 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 971 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
727 ASSERT_TRUE(ImportKeyInternal( | 972 ASSERT_TRUE(ImportKeyInternal( |
728 blink::WebCryptoKeyFormatSpki, | 973 blink::WebCryptoKeyFormatSpki, |
729 HexStringToBytes(hex_rsa_spki_der), | 974 HexStringToBytes(hex_rsa_spki_der), |
730 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 975 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
731 true, | 976 true, |
732 blink::WebCryptoKeyUsageEncrypt, | 977 blink::WebCryptoKeyUsageEncrypt, |
733 &key)); | 978 &key)); |
734 EXPECT_TRUE(key.handle()); | 979 EXPECT_TRUE(key.handle()); |
735 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 980 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
736 EXPECT_TRUE(key.extractable()); | 981 EXPECT_TRUE(key.extractable()); |
737 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 982 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
738 | 983 |
739 // Failing case: Empty SPKI data | 984 // Failing case: Empty SPKI data |
740 EXPECT_FALSE(ImportKeyInternal( | 985 EXPECT_FALSE(ImportKeyInternal( |
(...skipping 12 matching lines...) Expand all Loading... |
753 HexStringToBytes(hex_rsa_spki_der), | 998 HexStringToBytes(hex_rsa_spki_der), |
754 blink::WebCryptoAlgorithm::createNull(), | 999 blink::WebCryptoAlgorithm::createNull(), |
755 true, | 1000 true, |
756 blink::WebCryptoKeyUsageEncrypt, | 1001 blink::WebCryptoKeyUsageEncrypt, |
757 &key)); | 1002 &key)); |
758 | 1003 |
759 // Failing case: Bad DER encoding. | 1004 // Failing case: Bad DER encoding. |
760 EXPECT_FALSE(ImportKeyInternal( | 1005 EXPECT_FALSE(ImportKeyInternal( |
761 blink::WebCryptoKeyFormatSpki, | 1006 blink::WebCryptoKeyFormatSpki, |
762 HexStringToBytes("618333c4cb"), | 1007 HexStringToBytes("618333c4cb"), |
763 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1008 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
764 true, | 1009 true, |
765 blink::WebCryptoKeyUsageEncrypt, | 1010 blink::WebCryptoKeyUsageEncrypt, |
766 &key)); | 1011 &key)); |
767 | 1012 |
768 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1013 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
769 EXPECT_FALSE(ImportKeyInternal( | 1014 EXPECT_FALSE(ImportKeyInternal( |
770 blink::WebCryptoKeyFormatSpki, | 1015 blink::WebCryptoKeyFormatSpki, |
771 HexStringToBytes(hex_rsa_spki_der), | 1016 HexStringToBytes(hex_rsa_spki_der), |
772 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1017 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
773 true, | 1018 true, |
774 blink::WebCryptoKeyUsageEncrypt, | 1019 blink::WebCryptoKeyUsageEncrypt, |
775 &key)); | 1020 &key)); |
776 | 1021 |
777 // Passing case: Export a previously imported RSA public key in SPKI format | 1022 // Passing case: Export a previously imported RSA public key in SPKI format |
778 // and compare to original data. | 1023 // and compare to original data. |
779 blink::WebArrayBuffer output; | 1024 blink::WebArrayBuffer output; |
780 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1025 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
781 ExpectArrayBufferMatchesHex(hex_rsa_spki_der, output); | 1026 ExpectArrayBufferMatchesHex(hex_rsa_spki_der, output); |
782 | 1027 |
783 // Failing case: Try to export a non-extractable key | 1028 // Failing case: Try to export a non-extractable key |
784 ASSERT_TRUE(ImportKeyInternal( | 1029 ASSERT_TRUE(ImportKeyInternal( |
785 blink::WebCryptoKeyFormatSpki, | 1030 blink::WebCryptoKeyFormatSpki, |
786 HexStringToBytes(hex_rsa_spki_der), | 1031 HexStringToBytes(hex_rsa_spki_der), |
787 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1032 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
788 false, | 1033 false, |
789 blink::WebCryptoKeyUsageEncrypt, | 1034 blink::WebCryptoKeyUsageEncrypt, |
790 &key)); | 1035 &key)); |
791 EXPECT_TRUE(key.handle()); | 1036 EXPECT_TRUE(key.handle()); |
792 EXPECT_FALSE(key.extractable()); | 1037 EXPECT_FALSE(key.extractable()); |
793 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1038 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
794 | |
795 // TODO(padolph): Use the imported key for a Known Answer Test (KAT). | |
796 } | 1039 } |
797 | 1040 |
798 TEST_F(WebCryptoImplTest, ImportPkcs8) { | 1041 TEST_F(WebCryptoImplTest, ImportPkcs8) { |
799 | 1042 |
800 // The following is a DER-encoded PKCS#8 representation of the RSA key from | 1043 // The following is a DER-encoded PKCS#8 representation of the RSA key from |
801 // Example 1 of NIST's "Test vectors for RSA PKCS#1 v1.5 Signature". | 1044 // Example 1 of NIST's "Test vectors for RSA PKCS#1 v1.5 Signature". |
802 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt | 1045 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt |
803 const std::string hex_rsa_pkcs8_der = | 1046 const std::string hex_rsa_pkcs8_der = |
804 "30820275020100300D06092A864886F70D01010105000482025F3082025B020100028181" | 1047 "30820275020100300D06092A864886F70D01010105000482025F3082025B020100028181" |
805 "00A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C510" | 1048 "00A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C510" |
(...skipping 12 matching lines...) Expand all Loading... |
818 "8B38F398FA712049898D7FB79EE0A77668791299CDFA09EFC0E507ACB21ED74301EF5BFD" | 1061 "8B38F398FA712049898D7FB79EE0A77668791299CDFA09EFC0E507ACB21ED74301EF5BFD" |
819 "48BE455EAEB6E1678255827580A8E4E8E14151D1510A82A3F2E729024027156ABA4126D2" | 1062 "48BE455EAEB6E1678255827580A8E4E8E14151D1510A82A3F2E729024027156ABA4126D2" |
820 "4A81F3A528CBFB27F56886F840A9F6E86E17A44B94FE9319584B8E22FDDE1E5A2E3BD8AA" | 1063 "4A81F3A528CBFB27F56886F840A9F6E86E17A44B94FE9319584B8E22FDDE1E5A2E3BD8AA" |
821 "5BA8D8584194EB2190ACF832B847F13A3D24A79F4D"; | 1064 "5BA8D8584194EB2190ACF832B847F13A3D24A79F4D"; |
822 | 1065 |
823 // Passing case: Import a valid RSA key in PKCS#8 format. | 1066 // Passing case: Import a valid RSA key in PKCS#8 format. |
824 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1067 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
825 ASSERT_TRUE(ImportKeyInternal( | 1068 ASSERT_TRUE(ImportKeyInternal( |
826 blink::WebCryptoKeyFormatPkcs8, | 1069 blink::WebCryptoKeyFormatPkcs8, |
827 HexStringToBytes(hex_rsa_pkcs8_der), | 1070 HexStringToBytes(hex_rsa_pkcs8_der), |
828 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1071 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
829 true, | 1072 true, |
830 blink::WebCryptoKeyUsageSign, | 1073 blink::WebCryptoKeyUsageSign, |
831 &key)); | 1074 &key)); |
832 EXPECT_TRUE(key.handle()); | 1075 EXPECT_TRUE(key.handle()); |
833 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1076 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
834 EXPECT_TRUE(key.extractable()); | 1077 EXPECT_TRUE(key.extractable()); |
835 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1078 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
836 | 1079 |
837 // Failing case: Empty PKCS#8 data | 1080 // Failing case: Empty PKCS#8 data |
838 EXPECT_FALSE(ImportKeyInternal( | 1081 EXPECT_FALSE(ImportKeyInternal( |
(...skipping 12 matching lines...) Expand all Loading... |
851 HexStringToBytes(hex_rsa_pkcs8_der), | 1094 HexStringToBytes(hex_rsa_pkcs8_der), |
852 blink::WebCryptoAlgorithm::createNull(), | 1095 blink::WebCryptoAlgorithm::createNull(), |
853 true, | 1096 true, |
854 blink::WebCryptoKeyUsageSign, | 1097 blink::WebCryptoKeyUsageSign, |
855 &key)); | 1098 &key)); |
856 | 1099 |
857 // Failing case: Bad DER encoding. | 1100 // Failing case: Bad DER encoding. |
858 EXPECT_FALSE(ImportKeyInternal( | 1101 EXPECT_FALSE(ImportKeyInternal( |
859 blink::WebCryptoKeyFormatPkcs8, | 1102 blink::WebCryptoKeyFormatPkcs8, |
860 HexStringToBytes("618333c4cb"), | 1103 HexStringToBytes("618333c4cb"), |
861 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1104 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
862 true, | 1105 true, |
863 blink::WebCryptoKeyUsageSign, | 1106 blink::WebCryptoKeyUsageSign, |
864 &key)); | 1107 &key)); |
865 | 1108 |
866 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1109 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
867 EXPECT_FALSE(ImportKeyInternal( | 1110 EXPECT_FALSE(ImportKeyInternal( |
868 blink::WebCryptoKeyFormatPkcs8, | 1111 blink::WebCryptoKeyFormatPkcs8, |
869 HexStringToBytes(hex_rsa_pkcs8_der), | 1112 HexStringToBytes(hex_rsa_pkcs8_der), |
870 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1113 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
871 true, | 1114 true, |
872 blink::WebCryptoKeyUsageSign, | 1115 blink::WebCryptoKeyUsageSign, |
873 &key)); | 1116 &key)); |
874 | |
875 // TODO(padolph): Use the imported key for a Known Answer Test (KAT). | |
876 } | 1117 } |
877 | 1118 |
878 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { | 1119 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
879 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 1120 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
880 | 1121 |
881 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 1122 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
882 const unsigned modulus_length = 256; | 1123 const unsigned modulus_length = 256; |
883 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 1124 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
884 blink::WebCryptoAlgorithm algorithm = | 1125 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
885 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1126 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
886 modulus_length, | 1127 modulus_length, |
887 public_exponent); | 1128 public_exponent); |
888 bool extractable = true; | 1129 bool extractable = false; |
889 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 1130 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
890 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1131 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
891 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1132 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
892 EXPECT_TRUE(GenerateKeyPairInternal( | 1133 EXPECT_TRUE(GenerateKeyPairInternal( |
893 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1134 algorithm, extractable, usage_mask, &public_key, &private_key)); |
894 EXPECT_FALSE(public_key.isNull()); | 1135 EXPECT_FALSE(public_key.isNull()); |
895 EXPECT_FALSE(private_key.isNull()); | 1136 EXPECT_FALSE(private_key.isNull()); |
896 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1137 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
897 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1138 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
898 EXPECT_EQ(extractable, public_key.extractable()); | 1139 EXPECT_EQ(extractable, public_key.extractable()); |
899 EXPECT_EQ(extractable, private_key.extractable()); | 1140 EXPECT_EQ(extractable, private_key.extractable()); |
900 EXPECT_EQ(usage_mask, public_key.usages()); | 1141 EXPECT_EQ(usage_mask, public_key.usages()); |
901 EXPECT_EQ(usage_mask, private_key.usages()); | 1142 EXPECT_EQ(usage_mask, private_key.usages()); |
902 | 1143 |
903 // Fail with bad modulus. | 1144 // Fail with bad modulus. |
904 algorithm = CreateRsaKeyGenAlgorithm( | 1145 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
905 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 1146 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
906 EXPECT_FALSE(GenerateKeyPairInternal( | 1147 EXPECT_FALSE(GenerateKeyPairInternal( |
907 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1148 algorithm, extractable, usage_mask, &public_key, &private_key)); |
908 | 1149 |
909 // Fail with bad exponent: larger than unsigned long. | 1150 // Fail with bad exponent: larger than unsigned long. |
910 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT | 1151 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT |
911 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 1152 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
912 algorithm = CreateRsaKeyGenAlgorithm( | 1153 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
913 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); | 1154 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); |
914 EXPECT_FALSE(GenerateKeyPairInternal( | 1155 EXPECT_FALSE(GenerateKeyPairInternal( |
915 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1156 algorithm, extractable, usage_mask, &public_key, &private_key)); |
916 | 1157 |
917 // Fail with bad exponent: empty. | 1158 // Fail with bad exponent: empty. |
918 const std::vector<uint8> empty_exponent; | 1159 const std::vector<uint8> empty_exponent; |
919 algorithm = | 1160 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
920 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1161 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
921 modulus_length, | 1162 modulus_length, |
922 empty_exponent); | 1163 empty_exponent); |
923 EXPECT_FALSE(GenerateKeyPairInternal( | 1164 EXPECT_FALSE(GenerateKeyPairInternal( |
924 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1165 algorithm, extractable, usage_mask, &public_key, &private_key)); |
925 | 1166 |
926 // Fail with bad exponent: all zeros. | 1167 // Fail with bad exponent: all zeros. |
927 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 1168 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
928 algorithm = | 1169 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
929 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1170 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
930 modulus_length, | 1171 modulus_length, |
931 exponent_with_leading_zeros); | 1172 exponent_with_leading_zeros); |
932 EXPECT_FALSE(GenerateKeyPairInternal( | 1173 EXPECT_FALSE(GenerateKeyPairInternal( |
933 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1174 algorithm, extractable, usage_mask, &public_key, &private_key)); |
934 | 1175 |
935 // Key generation success using exponent with leading zeros. | 1176 // Key generation success using exponent with leading zeros. |
936 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 1177 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
937 public_exponent.begin(), | 1178 public_exponent.begin(), |
938 public_exponent.end()); | 1179 public_exponent.end()); |
939 algorithm = | 1180 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
940 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1181 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
941 modulus_length, | 1182 modulus_length, |
942 exponent_with_leading_zeros); | 1183 exponent_with_leading_zeros); |
943 EXPECT_TRUE(GenerateKeyPairInternal( | 1184 EXPECT_TRUE(GenerateKeyPairInternal( |
944 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1185 algorithm, extractable, usage_mask, &public_key, &private_key)); |
945 EXPECT_FALSE(public_key.isNull()); | 1186 EXPECT_FALSE(public_key.isNull()); |
946 EXPECT_FALSE(private_key.isNull()); | 1187 EXPECT_FALSE(private_key.isNull()); |
947 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1188 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
948 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1189 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
949 EXPECT_EQ(extractable, public_key.extractable()); | 1190 EXPECT_EQ(extractable, public_key.extractable()); |
950 EXPECT_EQ(extractable, private_key.extractable()); | 1191 EXPECT_EQ(extractable, private_key.extractable()); |
951 EXPECT_EQ(usage_mask, public_key.usages()); | 1192 EXPECT_EQ(usage_mask, public_key.usages()); |
952 EXPECT_EQ(usage_mask, private_key.usages()); | 1193 EXPECT_EQ(usage_mask, private_key.usages()); |
953 | 1194 |
954 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 1195 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
955 algorithm = CreateRsaKeyGenAlgorithm( | 1196 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
956 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 1197 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); |
957 EXPECT_TRUE(GenerateKeyPairInternal( | 1198 EXPECT_TRUE(GenerateKeyPairInternal( |
958 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1199 algorithm, extractable, usage_mask, &public_key, &private_key)); |
959 EXPECT_FALSE(public_key.isNull()); | 1200 EXPECT_FALSE(public_key.isNull()); |
960 EXPECT_FALSE(private_key.isNull()); | 1201 EXPECT_FALSE(private_key.isNull()); |
961 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1202 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
962 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1203 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
963 EXPECT_EQ(extractable, public_key.extractable()); | 1204 EXPECT_EQ(extractable, public_key.extractable()); |
964 EXPECT_EQ(extractable, private_key.extractable()); | 1205 EXPECT_EQ(extractable, private_key.extractable()); |
965 EXPECT_EQ(usage_mask, public_key.usages()); | 1206 EXPECT_EQ(usage_mask, public_key.usages()); |
966 EXPECT_EQ(usage_mask, private_key.usages()); | 1207 EXPECT_EQ(usage_mask, private_key.usages()); |
967 | 1208 |
968 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 1209 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
969 algorithm = | 1210 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
970 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1211 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
971 modulus_length, | 1212 modulus_length, |
972 public_exponent); | 1213 public_exponent); |
973 EXPECT_TRUE(GenerateKeyPairInternal( | 1214 EXPECT_TRUE(GenerateKeyPairInternal( |
974 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1215 algorithm, extractable, usage_mask, &public_key, &private_key)); |
975 EXPECT_FALSE(public_key.isNull()); | 1216 EXPECT_FALSE(public_key.isNull()); |
976 EXPECT_FALSE(private_key.isNull()); | 1217 EXPECT_FALSE(private_key.isNull()); |
977 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1218 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
978 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1219 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
979 EXPECT_EQ(extractable, public_key.extractable()); | 1220 EXPECT_EQ(extractable, public_key.extractable()); |
980 EXPECT_EQ(extractable, private_key.extractable()); | 1221 EXPECT_EQ(extractable, private_key.extractable()); |
981 EXPECT_EQ(usage_mask, public_key.usages()); | 1222 EXPECT_EQ(usage_mask, public_key.usages()); |
982 EXPECT_EQ(usage_mask, private_key.usages()); | 1223 EXPECT_EQ(usage_mask, private_key.usages()); |
(...skipping 28 matching lines...) Expand all Loading... |
1011 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1252 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
1012 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1253 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
1013 // There are two hex chars for each byte. | 1254 // There are two hex chars for each byte. |
1014 const unsigned kMsgHexSize = kMaxMsgSizeBytes * 2; | 1255 const unsigned kMsgHexSize = kMaxMsgSizeBytes * 2; |
1015 char max_data_hex[kMsgHexSize+1]; | 1256 char max_data_hex[kMsgHexSize+1]; |
1016 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | 1257 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
1017 max_data_hex[kMsgHexSize] = '\0'; | 1258 max_data_hex[kMsgHexSize] = '\0'; |
1018 | 1259 |
1019 // Verify encrypt / decrypt round trip on a few messages. Note that RSA | 1260 // Verify encrypt / decrypt round trip on a few messages. Note that RSA |
1020 // encryption does not support empty input. | 1261 // encryption does not support empty input. |
1021 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1262 algorithm = |
| 1263 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1022 const char* const kTestDataHex[] = { | 1264 const char* const kTestDataHex[] = { |
1023 "ff", | 1265 "ff", |
1024 "0102030405060708090a0b0c0d0e0f", | 1266 "0102030405060708090a0b0c0d0e0f", |
1025 max_data_hex | 1267 max_data_hex |
1026 }; | 1268 }; |
1027 blink::WebArrayBuffer encrypted_data; | 1269 blink::WebArrayBuffer encrypted_data; |
1028 blink::WebArrayBuffer decrypted_data; | 1270 blink::WebArrayBuffer decrypted_data; |
1029 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | 1271 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
1030 SCOPED_TRACE(i); | 1272 SCOPED_TRACE(i); |
1031 ASSERT_TRUE(EncryptInternal( | 1273 ASSERT_TRUE(EncryptInternal( |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1105 "eef9e822"; | 1347 "eef9e822"; |
1106 const std::string ciphertext_hex = | 1348 const std::string ciphertext_hex = |
1107 "6106441c2b7a4b1a16260ed1ae4fe6135247345dc8e674754bbda6588c6c" | 1349 "6106441c2b7a4b1a16260ed1ae4fe6135247345dc8e674754bbda6588c6c" |
1108 "0d95a3d4d26bb34cdbcbe327723e80343bd7a15cd4c91c3a44e6cb9c6cd6" | 1350 "0d95a3d4d26bb34cdbcbe327723e80343bd7a15cd4c91c3a44e6cb9c6cd6" |
1109 "7ad2e8bf41523188d9b36dc364a838642dcbc2c25e85dfb2106ba47578ca" | 1351 "7ad2e8bf41523188d9b36dc364a838642dcbc2c25e85dfb2106ba47578ca" |
1110 "3bbf8915055aea4fa7c3cbfdfbcc163f04c234fb6d847f39bab9612ecbee" | 1352 "3bbf8915055aea4fa7c3cbfdfbcc163f04c234fb6d847f39bab9612ecbee" |
1111 "04626e945c3ccf42"; | 1353 "04626e945c3ccf42"; |
1112 | 1354 |
1113 // Import the public key. | 1355 // Import the public key. |
1114 const blink::WebCryptoAlgorithm algorithm = | 1356 const blink::WebCryptoAlgorithm algorithm = |
1115 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1357 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1116 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1358 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1117 ASSERT_TRUE(ImportKeyInternal( | 1359 ASSERT_TRUE(ImportKeyInternal( |
1118 blink::WebCryptoKeyFormatSpki, | 1360 blink::WebCryptoKeyFormatSpki, |
1119 HexStringToBytes(rsa_spki_der_hex), | 1361 HexStringToBytes(rsa_spki_der_hex), |
1120 algorithm, | 1362 algorithm, |
1121 true, | 1363 true, |
1122 blink::WebCryptoKeyUsageEncrypt, | 1364 blink::WebCryptoKeyUsageEncrypt, |
1123 &public_key)); | 1365 &public_key)); |
1124 EXPECT_FALSE(public_key.isNull()); | 1366 EXPECT_FALSE(public_key.isNull()); |
1125 EXPECT_TRUE(public_key.handle()); | 1367 EXPECT_TRUE(public_key.handle()); |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1182 const blink::WebCryptoKeyUsageMask usage_mask = | 1424 const blink::WebCryptoKeyUsageMask usage_mask = |
1183 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; | 1425 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; |
1184 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1426 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1185 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1427 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1186 EXPECT_TRUE(GenerateKeyPairInternal( | 1428 EXPECT_TRUE(GenerateKeyPairInternal( |
1187 algorithm, false, usage_mask, &public_key, &private_key)); | 1429 algorithm, false, usage_mask, &public_key, &private_key)); |
1188 EXPECT_FALSE(public_key.isNull()); | 1430 EXPECT_FALSE(public_key.isNull()); |
1189 EXPECT_FALSE(private_key.isNull()); | 1431 EXPECT_FALSE(private_key.isNull()); |
1190 | 1432 |
1191 // Fail encrypt with a private key. | 1433 // Fail encrypt with a private key. |
1192 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1434 algorithm = |
| 1435 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1193 blink::WebArrayBuffer encrypted_data; | 1436 blink::WebArrayBuffer encrypted_data; |
1194 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 1437 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
1195 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 1438 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
1196 EXPECT_FALSE( | 1439 EXPECT_FALSE( |
1197 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); | 1440 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); |
1198 | 1441 |
1199 // Fail encrypt with empty message. | 1442 // Fail encrypt with empty message. |
1200 EXPECT_FALSE(EncryptInternal( | 1443 EXPECT_FALSE(EncryptInternal( |
1201 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); | 1444 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
1202 | 1445 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1238 private_key, | 1481 private_key, |
1239 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1482 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1240 encrypted_data.byteLength(), | 1483 encrypted_data.byteLength(), |
1241 &decrypted_data)); | 1484 &decrypted_data)); |
1242 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 1485 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
1243 } | 1486 } |
1244 | 1487 |
1245 #endif // #if !defined(USE_OPENSSL) | 1488 #endif // #if !defined(USE_OPENSSL) |
1246 | 1489 |
1247 } // namespace content | 1490 } // namespace content |
OLD | NEW |